Skip to main content

📋 Privacy Policy

Last Updated: January 2025

Introduction

Welcome to Receiptr! We're committed to protecting your privacy and being transparent about how we handle your data. This policy explains what information we collect, how we use it, and your rights regarding your personal data.

Receiptr is a mobile app that helps you scan, organize, and manage your receipts digitally. We take your privacy seriously and only collect the data necessary to provide you with the best possible experience.

🔒 Security at a Glance

Your data security is our top priority. Here's what protects your information:

  • 🛡️ Enterprise-Grade Infrastructure: Built on Google Cloud Platform with SOC 2 and ISO 27001 compliance
  • 🔐 End-to-End Encryption: AES-256 encryption for all data, both in transit and at rest
  • 🚫 Firebase App Check: Advanced protection against unauthorized API access and abuse
  • 👤 Strict Access Controls: Only you can access your data through authenticated sessions
  • 🗑️ Secure Deletion: Complete data removal within 30 days of account deletion
  • 📋 No Data Selling: We never sell, rent, or share your personal information with third parties

What We Collect

Receipt Images and Data

  • Receipt Photos: When you scan receipts using your phone's camera, we process these images to extract text and data
  • Extracted Information: We use AI technology to read and structure information from your receipts, including:
    • Store names and addresses
    • Purchase dates and times
    • Item descriptions and prices
    • Tax amounts and totals
    • Payment methods

Account Information

  • Authentication Data: When you create an account, we collect:
    • Email address and password (for email sign-up)
    • Basic profile information from Google (name, email) if you sign in with Google
  • Account Organization: Information about how you organize your receipts (personal, business, club accounts)
  • Usage Data: Basic information about how you use the app to improve our services

Device Information

  • Technical Data: We may collect basic device information such as:
    • Device type and operating system version
    • App version and crash reports (to fix bugs and improve performance)
    • General location data (country/region) for service optimization

How We Use Your Data

We use your information solely to provide and improve the Receiptr service:

Core Functionality

  • Receipt Processing: Convert your receipt images into organized, searchable digital records
  • Data Organization: Help you categorize and manage receipts across different account types
  • Account Management: Maintain your user account and preferences
  • Sync and Backup: Keep your receipt data safe and accessible across app updates

Service Improvement

  • Performance Enhancement: Analyze usage patterns to improve app functionality
  • Bug Fixes: Use crash reports and error logs to identify and fix issues
  • Feature Development: Understand how features are used to guide future improvements

Communication

  • Service Updates: Notify you about important app updates or changes
  • Support: Respond to your questions or technical issues

We do not:

  • Sell your personal data to third parties
  • Use your receipt data for advertising purposes
  • Share your information for marketing by other companies
  • Access your receipt images after processing is complete

Third-Party Services

Receiptr integrates with trusted, enterprise-grade third-party services to provide secure and reliable functionality:

Google Cloud Platform Services

We exclusively use Google's enterprise-grade services, which provide industry-leading security and privacy protections:

Authentication & Identity

  • Firebase Authentication: Enterprise-grade user authentication with advanced security features
    • Multi-factor authentication support
    • Secure session management
    • Built-in protection against common attacks (brute force, credential stuffing)
    • Compliance with OAuth 2.0 and OpenID Connect standards

Data Storage & Management

  • Firebase Firestore: NoSQL document database with enterprise security

    • Automatic encryption at rest and in transit
    • Fine-grained security rules and access controls
    • Real-time synchronization with offline support
    • ACID transactions and data consistency guarantees

  • Firebase Storage: Secure file storage with advanced access controls

    • Temporary storage for receipt image processing only
    • Automatic deletion after processing completion
    • Granular access controls and security rules

AI & Machine Learning

  • Google AI (Gemini): Advanced AI for receipt text extraction and data structuring
    • State-of-the-art optical character recognition (OCR)
    • Intelligent data extraction and categorization
    • Processing occurs in secure, isolated environments
    • No data retention by AI services after processing

Security & Monitoring

  • Firebase App Check: Advanced application security platform
    • Protection against API abuse and unauthorized access
    • Real-time threat detection and mitigation
    • Automated security monitoring and alerts

Data Processing & Security

  • Encrypted Transmission: All data is encrypted using TLS 1.3 during transmission to Google services
  • Processing Isolation: Receipt images are processed in secure, isolated environments
  • Temporary Processing: Original receipt images are only temporarily processed and not permanently stored
  • Data Residency: All processing occurs within Google's secure data centers with appropriate regional compliance
  • No Third-Party Sharing: Google services process your data solely for Receiptr's functionality and do not use it for other purposes

Compliance & Privacy Protections

  • Enterprise Agreements: We have comprehensive data processing agreements with all service providers
  • International Standards: All services comply with GDPR, CCPA, SOC 2, and ISO 27001 standards
  • Regular Audits: Third-party services undergo regular security audits and compliance assessments
  • Transparency Reports: Google publishes regular transparency reports about data handling and government requests
  • Privacy by Design: All services are built with privacy and security as fundamental principles

Data Storage and Security

We implement enterprise-grade security measures to protect your data at every level:

Where Your Data is Stored

  • Google Firebase Infrastructure: Your receipt data is stored securely in Google's enterprise-grade Firebase servers
  • Global Data Centers: Data centers are located in regions with strong privacy protections and comply with international standards
  • Redundant Backup Systems: Multiple backup copies ensure your data is never lost
  • All data is encrypted both in transit and at rest using AES-256 encryption

Advanced Security Measures

Multi-Layer Authentication

  • Firebase Authentication: Industry-leading authentication system with built-in security features
  • Google Sign-In Integration: Secure OAuth 2.0 authentication with Google's trusted infrastructure
  • Email Link Authentication: Passwordless authentication reduces security vulnerabilities
  • Anonymous Mode: Secure temporary access without requiring personal information

App-Level Security

  • Firebase App Check: Advanced protection against unauthorized API access and abuse
  • Request Validation: Every API request is validated and authenticated before processing
  • Rate Limiting: Protection against automated attacks and abuse
  • Secure API Endpoints: All communication uses HTTPS with certificate pinning

Data Protection

  • End-to-End Encryption: Data is encrypted from your device to our servers
  • Firestore Security Rules: Database-level security rules prevent unauthorized access
  • User Data Isolation: Your data is completely separate from other users with strict access controls
  • Regular Security Audits: Continuous monitoring and security assessments

Infrastructure Security

  • Google Cloud Security: Built on Google's secure infrastructure with 24/7 monitoring
  • DDoS Protection: Advanced protection against distributed denial-of-service attacks
  • Intrusion Detection: Real-time monitoring for suspicious activities
  • Compliance Standards: SOC 2, ISO 27001, and other enterprise security certifications

Data Retention and Lifecycle

  • Active Accounts: We keep your receipt data as long as your account is active and you need it
  • Secure Deletion: When you delete your account, all associated data is permanently and securely removed within 30 days
  • Inactive Accounts: Accounts inactive for extended periods (2+ years) may be subject to data deletion after appropriate notice
  • Backup Retention: Encrypted backups are retained for disaster recovery but are subject to the same deletion policies

Your Rights

Under GDPR and other privacy laws, you have several important rights:

Access and Control

  • View Your Data: Request a copy of all personal data we have about you
  • Update Information: Modify or correct your account information at any time
  • Download Data: Export your receipt data in a portable format
  • Delete Account: Permanently delete your account and all associated data

Data Management

  • Selective Deletion: Delete specific receipts or categories of data
  • Processing Control: Understand and control how your data is processed
  • Consent Withdrawal: Withdraw consent for data processing (though this may limit app functionality)

How to Exercise Your Rights

  • In-App Settings: Most data management can be done directly in the app
  • Contact Us: Reach out to our support team for assistance with data requests
  • Response Time: We'll respond to your requests within 30 days

Account Types and Premium Features

Free Account

  • One account is available for free
  • Full access to core receipt scanning and organization features
  • Standard data storage and security protections

Future Premium Features

  • Additional account types may be available through premium subscriptions
  • Premium features will be clearly disclosed before purchase
  • Your privacy rights remain the same regardless of account type

Children's Privacy

Receiptr is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

International Data Transfers

Your data may be processed in countries other than where you live. We ensure that:

  • All transfers comply with applicable privacy laws
  • Adequate protection measures are in place
  • Your rights remain protected regardless of processing location

Changes to This Policy

We may update this privacy policy from time to time to reflect:

  • Changes in our services or features
  • Updates to privacy laws and regulations
  • Improvements to our privacy practices

Notification of Changes

  • Significant Changes: We'll notify you directly through the app or email
  • Minor Updates: Changes will be posted with an updated "Last Updated" date
  • Continued Use: Using the app after changes indicates acceptance of the updated policy

Contact Us

We're here to help with any privacy questions or concerns:

Privacy Inquiries

  • Email: privacy@receiptr.app
  • Response Time: We aim to respond within 48 hours
  • Data Requests: Include "Data Request" in your subject line for faster processing

General Support

If you have concerns about our privacy practices that we haven't addressed, you have the right to contact your local data protection authority.

Thank you for trusting Receiptr with your receipt management needs. Your privacy is important to us, and we're committed to protecting it.